| Method for preventing malicious software installation on an internet-connected computer -> Monitor Keywords |
|
|
Method for preventing malicious software installation on an internet-connected computerRelated Patent Categories: Information Security, Monitoring Or Scanning Of Software Or Data Including Attack PreventionMethod for preventing malicious software installation on an internet-connected computer description/claimsThe Patent Description & Claims data below is from USPTO Patent Application 20070192854, Method for preventing malicious software installation on an internet-connected computer. Brief Patent Description - Full Patent Description - Patent Application Claims
FIELD OF THE INVENTION [0001] The present invention relates generally to computer security and Internet security. More specifically, the present invention relates to a method for preventing malicious software from being installed on a computer system. The present invention provides a dedicated partition for Internet use within which malicious software cannot be installed. BACKGROUND OF THE INVENTION [0002] Malicious software distributed on the Internet is a large and growing problem. Criminals and hackers have developed techniques for installing unwanted and damaging software onto computers connected to the Internet. Malicious software such as spyware or keyloggers can capture private details of a persons life such as bank account numbers, social security numbers, or credit card numbers which can be used in identify theft. Also, malicious software can convert a computer into a remotely controllable "zombie" computer that can be used in denial of service (DOS) attacks or other criminal activity. There are many ways that malicious software can be downloaded from the Internet. Typically, the malicious software is unintentionally loaded by a user navigating to a website and downloading seemingly harmless or useful software. Sometimes the malicious software is disguised as a useful file or media (e.g. music, videos). Also, the software can be obtained from an e-mail message. [0003] The problem of malicious software is growing, and threatens many legitimate commercial activities on the Internet. Also, malicious software can cause profound damage to computer networks and inconvenience to Internet users. [0004] It would be an advance in the art to provide a simple and effective method for preventing the installation and operation of malicious software. Such a method should provide full-function and convenient access to the Internet without allowing installation of malicious software. SUMMARY OF THE INVENTION [0005] The present invention provides a method for secure Internet access. In the present method, first and second partitions are created in a computer memory (e.g. random access memory). Each partition has its own operating system (OS). The first partition is for conventional computer use, and has a conventional operating system. The second partition is for secure Internet use according to the present invention, and has an Internet OS specific for Internet use according to the present invention. The Internet OS cannot write or copy files in the second partition, or change the size of the second partition. Operation of the computer from the second partition may be invoked by any shortcut technique such as an executable file launched by selection of a screen icon. [0006] To access the Internet in a secure manner, Internet software is loaded into the second partition, and then the Internet is accessed using software in the second partition. According to the present invention, the second partition provides secure access to the Internet. Malicious software loaded into the second partition from the Internet will be unable to create or change files in the second partition, and will be unable to change the size of the second partition or memory allocated for Internet software applications. [0007] Preferably in the present invention, a secure memory is also provided. The secure memory temporarily stores software applications and files used in the second partition. Also, the secure memory can have a cyclic redundancy check (CRC) table or similar repository for data which can be used to detect changes in a file. (A cyclic redundancy check is a technique for calculating a number from particular text in a potentially much larger file and even a minor change in the text may result in a significantly different number. Hereinafter, the term cyclic redundancy check or CRC will be used as a collective reference to all techniques and arrangements such as hashing functions and the like capable of determining changes in files.) The CRC table stores CRC values for all files in the secure memory. When software is loaded from the secure memory into the second partition, CRC values are calculated for all files in the second partition, and the calculated CRC values are compared to CRC values stored in the CRC table. If the CRC values match, then Internet access can proceed. If they do not match, then malicious software may be present. Access to the Internet is stopped and new software may be loaded into the second partition (e.g. from the secure memory, a hard drive or other secure source). [0008] Also, a download memory is preferably provided. The download memory temporarily stores files downloaded from the Internet. Before downloaded files are transferred to the first partition, the files are scanned for malicious software using any suitable technique, such as anti-virus software or detection of unlikely commands. The download memory provides a secure storage for potentially infected files until they can be scanned and tested for malicious software. [0009] In the present invention, the Internet OS can only write or copy files in the secure memory or in the download memory but cannot write within the second partition. Also, software applications in the second partition preferably have allocated memory regions with fixed, unchangeable size(s). This prevents malicious software from gaining access to the computer by causing program memory overflow. It is noted that "fixed and unchangeable" means that the allocated memory cannot be changed after the second partition has been created. Second partition size and memory allocated can be changed if the second partition is closed, and a new second partition is created with different memory allocation sizes. DESCRIPTION OF THE FIGURES [0010] FIG. 1 shows a memory allocation structure inside a computer according to the present invention. [0011] FIG. 2 shows a cyclic redundancy check table according to the present invention. The CRC table preferably stores CRC values for all files loaded into or created within the second partition. [0012] FIGS. 3a and 3b show flow charts for initialization methods for preparing the computer for implementing the method of secure Internet access according to the present invention. [0013] FIG. 4 shows a flow chart for secure Internet access according to the present invention. [0014] FIG. 5 shows a flow chart for secure downloading of files from the Internet according to the present invention. DETAILED DESCRIPTION OF THE INVENTION [0015] The present invention provides a method and apparatus for preventing the installation of malicious software on an Internet-connected computer. In the present invention, the computer has a random access memory that is divided into two partitions. A first partition is for normal, preferably non-Internet related use. A second partition is for secure Internet use. The second partition has its own operating system, Internet browser and other software suitable for internet communications and, preferably, only such software. The operating system in the second partition is thus restricted in functionality. Specifically, the operating system within the second partition cannot expand the size of the second partition memory, and cannot write or copy files to the second partition (or the first partition) but only to a download memory or a secure memory (under password or similar protection). A secure memory (e.g. password secured for at least write operations thereto) is also provided. The secure memory is read accessible by software in both partitions. The secure memory contains software (e.g. Internet browser and cyclic redundancy check software) and files that are used for building the second partition. Every time Internet access is desired (or during computer startup or periodically after the second partition is built), software and files in the secure memory are authenticated (e.g. by cyclic redundancy check (CRC)), and then loaded into the second partition, if needed. Also, a method is provided for downloading files into a download memory before loading and installation in the first partition. By doing so, malicious software loaded into the second partition from the Internet cannot copy or write files within the second partition, cannot propagate to the first partition, and is therefore limited in its ability to create damage. Accordingly, the present invention provides full-function Internet access, protection from malicious software, and protection from downloading undesired software or files generally. [0016] In the present invention, the partitions are defined as regions of computer memory or groups of memory addresses in a computer readable memory. Typically, the partitions will be located in high-speed random access memory available to a microprocessor for performing operations which will be described in detail below in accordance with computer-readable instructions stored in the memory. Each partition can essentially function as a separate computer, though processing for both partitions is preferably performed by a single processor. Software and files can be moved between partitions and memory areas according to the secure methods described herein. [0017] FIG. 1 illustrates a memory structure of a computer according to the present invention. In a computer operating according to the present invention, a first memory partition 20 and second memory partition 22 are provided. The partitions 20, 22 are stand-alone regions of random access memory. Each partition 20, 22 contains its own operating system (OS). The present computer includes a secure memory 24, which may be password-propected. The operating systems in both partitions 20, 22 can read and write to the secure memory 24. Also provided is a download memory 26 for temporarily storing potentially infected files downloaded from the Internet. Generally, the second partition 22 can write to the download memory 26, and the first partition 20 can read from the download memory 26 in order to perform scanning for malicious software and subsequent storage or other operations if no malicious software was found. [0018] The first partition 20 is a region of memory dedicated to software (e.g. computer-readable instructions) required for normal operation of the computer such as the operating system and other desired software. According to the present invention, the first partition preferably does not contain software (e.g. a browser) that accesses the Internet, if the computer is to be limited to secure internet access, as is considered to be desirable. That is, in the present invention, the first partition 20 is preferably never directly connected to the Internet. Hence, the first partition is generally not directly vulnerable to malicious software from the Internet. Preferably in the present invention, only the second partition 22 contains software that can access the Internet. The first partition 20 can, however, receive files downloaded from the Internet after they have passed through the download memory 26 where they may be scanned for the presence of malicious software. [0019] The second partition 22 contains software required for accessing the Internet such as an Internet browser, or e-mail application (optional). Also, the second partition 22 may include software specific to carrying out the invention as set forth below. The operating system in the second partition 22 preferably is simple and preferably lacks features that are not necessary for using the Internet and which could be used or exploited by malicious software. For example, the operating system in the second partition 22 may lack instructions for printing, or operating software applications unrelated to Internet access or functionality. Also, the second partition 22 and/or the Internet OS is programmed such that file copy and file write commands are not permitted for copying or writing to the second partition. The Internet OS in the second partition 22 cannot write files to the second partition, and cannot copy files in the second partition. The Internet OS can only write and copy files to the secure memory 24 (on a password protected basis or under other security arrangements) and the download memory 26. This is a fundamental and essential aspect of the present invention since it limits propagation of any malicious software to the first partition. This feature is also protected from being defeated by other features of the invention that will be discussed more fully below. Continue reading about Method for preventing malicious software installation on an internet-connected computer... Full patent description for Method for preventing malicious software installation on an internet-connected computer Brief Patent Description - Full Patent Description - Patent Application Claims Click on the above for other options relating to this Method for preventing malicious software installation on an internet-connected computer patent application. ###  How KEYWORD MONITOR works... a FREE service from FreshPatents1. Sign up (takes 30 seconds). 2. Fill in the keywords to be monitored. 3. Each week you receive an email with patent applications related to your keywords. Start now! - Receive info on patent apps like Method for preventing malicious software installation on an internet-connected computer or other areas of interest. ### Previous Patent Application: Method and apparatus for network security Next Patent Application: Peer based network access control Industry Class: ### FreshPatents.com Support Thank you for viewing the Method for preventing malicious software installation on an internet-connected computer patent info. IP-related news and info Results in 0.12948 seconds Other interesting Feshpatents.com categories: Daimler Chrysler , DirecTV , Exxonmobil Chemical Company , Goodyear , Intel , Kyocera Wireless , 174 |
 * Protect your Inventions * US Patent Office filing 
PATENT INFO |
|
